Cybersecurity for SaMD, AI/ML diagnostics, and medical imaging.
AI/ML-driven SaMD has unique cyber concerns: model integrity, training-data provenance, and the interfaces SaMD uses to ingest DICOM, FHIR, and PACS data. We deliver FDA-aligned threat models that explicitly cover model-supply-chain risks alongside conventional appsec.
Imaging AI and SaMD products are inferential and cloud-tethered. The model, the data pipeline, the training corpus, and the runtime are all in scope for FDA cybersecurity expectations - and increasingly for the GMLP and PCCP guidance as well.
Hospital security teams treat SaMD as a SaaS product: they want SOC 2 / HITRUST evidence, an SBOM, an API security summary, and clarity on the cloud shared-responsibility split before they let it touch PACS or EHR.
Typical clinical uses
Key data flows & integrations
Trained model artifacts must be signed, version-pinned, and verified at load - supply-chain tampering is now an FDA review topic.
Parser bugs and authorization gaps in clinical interfaces are a leading source of SaMD vulnerabilities.
Tenant separation, key scoping, and audit trails must be designed and tested, not assumed.
Imaging AI / SaMD is inferential and cloud-tethered - the model, the pipeline, and the data are all in scope for FDA cybersecurity expectations.
PCCPs let you update models post-clearance, but only with a documented and tested change-control + cyber-validation pipeline.
FDA still expects you to own end-to-end security even when running on AWS/Azure/GCP - the responsibility split must be explicit.
Standard pen testing won't catch evasion or poisoning attacks; you need ML-specific threat modeling and testing.
Training-data provenance, de-identification, and re-identification risk must be documented for both FDA and HIPAA.
What FDA scrutinizes
Predetermined Change Control Plans let you update models post-clearance, but only with a documented and tested change-control + cyber-validation pipeline.
Standard AppSec pen tests do not catch evasion or poisoning - reviewers expect ML-specific testing.
FDA still expects you to own end-to-end security on AWS / Azure / GCP - the responsibility split must be explicit in the SPDF.
Your PCCP must describe how cyber posture is maintained as the model is retrained - we help you write the cyber elements of the modification protocol.
Both. Software gets conventional appsec and API testing; the model gets supply-chain controls (signing, version pinning, load-time verification) and adversarial-input checks where clinically meaningful.
We document the training data lineage controls in your SPDF - source attestation, integrity, access - which FDA reviewers increasingly expect to see explicitly addressed.
Each interface is fuzzed and authorization-tested. We pay particular attention to multi-tenant authorization and parser memory-safety.
No - SOC 2 covers operational controls but does not satisfy FDA premarket cybersecurity content. You need both, and we make sure they line up.
Full transitive SBOM in SPDX or CycloneDX, including model dependencies, container base images, and ML frameworks - with a documented vulnerability and exploitability analysis.
Model integrity, DICOM/PACS interface testing, and PCCP-aware documentation for AI imaging products.
"Blue Goat Cyber's depth of expertise was impressive. We had no in-house cybersecurity experience, and their team guided us through every step of the FDA process. The penetration testing and SBOM testing were thorough and gave us complete confidence."
Cybersecurity for SaMD, AI/ML diagnostics, and medical imaging.
